I've found two solutions, neither simple.
First works for a limited number of "target machines" in a DMZ. It's to use
DNAT to map the target addresses into the address space of the local green
subnet, and unmap them when they pop out of the IPSec channel.
The second is to add routes and ipsec eroutes (try "ipsec eroute" and "ipsec
eroute -h" on your IPCop box).
The second is a more general method, and should be easily scriptable for a
general setup. I haven't tried it as all I needed was connection to a DMZ.
David
> -----Original Message-----
> From: ipcop-user-bounces@...
> [mailto:ipcop-user-bounces@...] On Behalf
> Of Franck Horlaville
> Sent: Wednesday, June 07, 2006 5:46 PM
> To: GG Noris
> Cc: ipcop-user@...
> Subject: Re: [IPCop-user] VPN site-to-site unable to add a route
>
> I'm trying to do the same ; so far what should work is either
> to modify your subnet masks to allow both networks in (I
> think) or create a second VPN between the same machines with
> the second subnet ...
>
> If you find a solution I'm a taker !
>
> tx
>
> On 5 juin 06, at 09:08, GG Noris wrote:
>
> > Hello,
> >
> > I have ipcop 1.4.10 connected to internet with 2 nic
> ethernet 1 WAN e
> > 1 LAN
> >
> > the lan connection is on a private address 10.10.9.0/24 the wan
> > connection is public with a pubblic IP
> >
> > i have maked a VPN site to site with another firewall. this
> firewall
> > have multiple private IP on the local nic.
> >
> > i have tested VPN with the first LAN IP on the remote site
> of the VPN:
> >
> >
> > ipcop -> remote site
> > 10.10.9.0/24 10.11.8.0/24
> >
> > In this configuration al work great!
> >
> > i need to add a private subnet to the remote site:
> >
> > 10.11.9.0/24
> >
> > and ipcop from lan need to reach it.
> >
> > I have added it, and the remote site route in the direction
> of ipcomp
> > for this new private subnet.
> >
> > i need to know with ipcop if adding a route to reach from
> VPN the new
> > subnet is enought in this mode:
> >
> > route add -net 10.11.9.0 netmask 255.255.255.0 gw a.b.c.d ipsec0.
> >
> > a.b.c.d is the IP public on red Iface.
> >
> > i have try but is not working.
> >
> > Thereis another solution or this is bad ?
> >
> >
> > THX.
> >
> > GG.nk
> >
> >
> > _______________________________________________
> > IPCop-user mailing list
> > IPCop-user@...
> > https://lists.sourceforge.net/lists/listinfo/ipcop-user
>
> Franck Horlaville
> IT Manager
> Qualitech
>
>
>
>
>
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>

you really need at least 256 megs of ram to squeeze it in there..320 and
above is best. Also to prevent conflicts install addons server then
cop+..update cop+ then install copfilter..:)
Mike Gilbert wrote:
> Hi
>
> Can both these be installed on the same box? And what sort of
> performance would it need if so? My IPCop machine at the minute is
> running with Cop+ on an ancient P133 machine with (I think 128Mb). The
> only clients are a couple of PCs, my PDA occasionally and my old Acorn
> RiscPC. Performance is more than adequate. The machine is old and noisy,
> though, and I'm thinking about seeing what I can acquire to replace it.
>
> I have got hold of a Qube 3, but the palaver involved in setting that up
> is beyond my free time, skill and patience. And it's got a Navaho
> install on it anyway.
>
> Cheers
>
> Mike
--
My "Foundation" verse:
Isa 54:17 No weapon that is formed against thee shall prosper; and
every tongue that shall rise against thee in judgment thou shalt
condemn. This is the heritage of the servants of the LORD, and their
righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)
Linux user #322099
Machines:
206822
256638
276825
http://counter.li.org/

On 6/10/06, Harvin Sauls (ML) <lists@...> wrote:
>
>
> I started looking at IPCOP recently and I have a question. I have two
> PC's that I need to restrict to only certain web sites. Is this posible to
> do with any of the add-ons?
>
URLFilter <http://www.urlfilter.net/>is perfect for this. You have to also
install Advproxy with it (linked on the same page)

Bill Hausmann wrote:
> I run both with no issues. I have a celeron 800 with 320 meg of ram and a
> quad eth card.
>
> -Bill
>
>
> ----- Original Message -----
> From: "Mike Gilbert" <admin@...>
> To: "IPCop list" <ipcop-user@...>
> Sent: Sunday, June 11, 2006 5:06 AM
> Subject: [IPCop-user] Cop+ and Copfilter
>
>
>
>> Hi
>>
>> Can both these be installed on the same box? And what sort of
>> performance would it need if so? My IPCop machine at the minute is
>> running with Cop+ on an ancient P133 machine with (I think 128Mb). The
>> only clients are a couple of PCs, my PDA occasionally and my old Acorn
>> RiscPC. Performance is more than adequate. The machine is old and noisy,
>> though, and I'm thinking about seeing what I can acquire to replace it.
>>
>> I have got hold of a Qube 3, but the palaver involved in setting that up
>> is beyond my free time, skill and patience. And it's got a Navaho
>> install on it anyway.
>>
>> Cheers
>>
>> Mike
>> --
>> Mike Gilbert
>> http://www.lewisgilbert.co.uk
>>
>>
>>
>>
>
Mike,
Your 133 MHz and 128MB RAM will not run COP+ with spamassasin, antivirus
and other processes with any success. I'd suggest at least 400-500MHz
and more than 256MB RAM.
You'll be sorry you did it on a 133...
Roger

I run both with no issues. I have a celeron 800 with 320 meg of ram and a
quad eth card.
-Bill
----- Original Message -----
From: "Mike Gilbert" <admin@...>
To: "IPCop list" <ipcop-user@...>
Sent: Sunday, June 11, 2006 5:06 AM
Subject: [IPCop-user] Cop+ and Copfilter
> Hi
>
> Can both these be installed on the same box? And what sort of
> performance would it need if so? My IPCop machine at the minute is
> running with Cop+ on an ancient P133 machine with (I think 128Mb). The
> only clients are a couple of PCs, my PDA occasionally and my old Acorn
> RiscPC. Performance is more than adequate. The machine is old and noisy,
> though, and I'm thinking about seeing what I can acquire to replace it.
>
> I have got hold of a Qube 3, but the palaver involved in setting that up
> is beyond my free time, skill and patience. And it's got a Navaho
> install on it anyway.
>
> Cheers
>
> Mike
> --
> Mike Gilbert
> http://www.lewisgilbert.co.uk
>
>
>
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user

Hi
Can both these be installed on the same box? And what sort of
performance would it need if so? My IPCop machine at the minute is
running with Cop+ on an ancient P133 machine with (I think 128Mb). The
only clients are a couple of PCs, my PDA occasionally and my old Acorn
RiscPC. Performance is more than adequate. The machine is old and noisy,
though, and I'm thinking about seeing what I can acquire to replace it.
I have got hold of a Qube 3, but the palaver involved in setting that up
is beyond my free time, skill and patience. And it's got a Navaho
install on it anyway.
Cheers
Mike
--
Mike Gilbert
http://www.lewisgilbert.co.uk

On Sat 10 Jun, Renaud (Ron) Olgiati wrote:
>
> I have installed the COP+ addon to my IPCop firewall box, and run DG to folter
> net access on my children's boxes.
>
> I see in the exceptionregexpurllist that came as standard that it contains
> lines to turn on the filtering in the Google search engines.
>
> Does anyone know if similar reg expressions have been written to turn on
> filtering on other search engines ? (just to avoid re-inventing the wheel)
>
> Or most I for safety add all the other search engines to the bannedsitelist ?
>
I run Cop+ for exactly the same reason, and haven't tweaked the search
engine settings at all. I have set the defaults on Google to Safe
Search, though. I tend to find that if an Image search finds a thumbnail
of something iffy, the URL is blocked by DG already. And on a main
search, words and phrases will be filtered if they appear on the search
page, and linked pages filtered if the content is dodgy.
Best of all, from my son's point of view, is that I'm happy for him to
use games sites like onemorelevel.com or Runescape as the ad block keeps
out the popups.
Cheers
Mike
--
Mike Gilbert
http://www.lewisgilbert.co.uk

Community

Help

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

CountryState

JavaScript is required for this form.

I agree to receive quotes, newsletters and other information from sourceforge.net and its partners regarding IT services and products. I understand that I can withdraw my consent at any time. Please refer to our Privacy Policy or Contact Us for more details